Although most computing devices (particularly personal computing devices) have built in password security, many people choose not to have the hassle of initiating it. Those that do are often frustrated by it, and often there is a corporate insistence on changing the password every month. Every log-in ideally needs a different password. Remembering all those passwords and selecting the appropriate one is very onerous.
In practice password systems for computing devices can be breached in several ways, for example: random trial and error, e.g., hitting random keys, where eventually the correct password will be found, but may take a long time; systematic trial and error, e.g., trying 0000, 0001, 0002, and so forth for a PIN number; inspired guesswork, e.g., trying general favorite numbers, for example, 1066, 1234, and so forth, or personal numbers, for example, birthday, telephone number, and so forth; learning the password by surveillance, shoulder surfing, finding the password written down somewhere, and so forth; hacking, e.g., key click measurement, on-line interception, and so forth; forced disclosure to a mugger.
A 4 number PIN has a theoretical security of 1 in 10×10×10×10=1 in 10,000 or 0.0001. Hackers would probably give up if they had the typical three chances at these odds. However in practice the problem is that people find it hard to remember multiple passwords/numbers, so either they choose a memorable personal number which is likely to be used widely elsewhere, or a non-memorable one which they need to write down somewhere—usually next to the computing device requiring the security. Finally there have been many reported instances of surveillance scams to learn passwords, or just looking over someone's shoulder when they are entering their PIN or password. So the practical security offered by a PIN number, say (from a hacker's or thieves point of view) is in fact quite modest.